This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

October 07, 2014 Security WG Conference Call

From HL7Wiki
Jump to navigation Jump to search

Meeting Information

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
x Mike DavisSecurity Co-chair . John MoehrkeSecurity Co-chair . Trish WilliamsSecurity Co-chair x Alexander Mense Security Co-chair
. Chris Clark . Johnathan ColemanCBCC Co-Chair x Kathleen Connor . Duane DeCouteau
. Reed Gelzer x Suzanne Gonzales-WebbCBCC Co-chair x Rick Grow . Ken Salyards
. Mohammed Jafari . Don Jorgenson . _ . Amanda Nash
. Paul PetronelliMobile Health Security Co-chair x Diana Proud-Madruga . Harry Rhodes . Aaron Seib
. Ioana Singureanu . Walter Suarez . Tony Weida . Paul PetronellimHealth Co-chair
x Paul Knapp . Steve Hufnagel . Gary Dickinson . Tim McKay

Back to Security Main Page

Agenda DRAFT

  1. (05 min) Roll Call, September 30 Meeting Minutes
  2. Patient Friendly Language - Kathleen
  3. Data Provenance Update
  4. (10 min) PSS EHR, Privacy and Security Joint Vocabulary Alignment Project
  5. (10 min) Patient Friendly Security and Privacy Language for Consent Directives (deliverable) - ONTOLOGY scope - Diana
  6. (as time allows) FHIR disposition - review/discussion, ongoing agenda item
  7. separate call/additional time for Security/Privacy DAM revision/update (January Informative ballot, Security-SOA ballot)
  8. (05 min) Other business, action items, and adjournment

Meeting Minutes

Approval of meeting minutes Meeting minutes for September 30

Patient Friendly Language - Kathleen Presented on the idea of a CBCC FHIR consent directive suite, explaining four things that need to happen:

  • FHIR PFL/Consent2Share Questionnaire Resource Profile
  • FHIR PFL/Consent2Share Questionnaire Answer Resource Profile
  • FHIR Consent Directive Resource Profile (FHIR Contract Resource)
  • FHIR Privacy/Security/Trust Policy Resource Profile (FHIR Contract Resource)

The patient part is more than just a patient friendly vocabulary GUI. It includes both detailed and high-medium-low privacy pieces. There is the notion of the pre-negotiated policies that the patient can select.

  1. FHIR PFL/Consent2Share 'Questionnaire Resource Profile' (FHIR Questionnaire Resource): This is the basis for developing template Consent2Share forms based on FHIR Privacy Policy Resource Profile.
  2. FHIR PFL/Consent2Share 'Questionnaire Answer Resource Profile' (FHIR Questionnaire Answer Resource): Currently, there is a Questionnaire Resource Proposal and Patient Care decided at May 2014 WGM to create a Questionnaire Answer Resource although there is no formal proposal for it yet. Presumably, the questionnaire is the template with the questions and possible answers while the Questionnaire Answers is an instance of the template with selected responses, which are captured in or referenced by other Resources.
  3. FHIR 'Consent Directive' Resource Profile (FHIR Contract Resource): This is populated with Security Label encoding of a FHIR PFL/Consent2Share Questionnaire Answer instance.
  4. FHIR 'Privacy/Security/Trust Policy' Resource Profile (FHIR Contract Resource): This is an encoded policy. In the case of the FHIR CD Suite - a FHIR Privacy Policy is encoded using Security Labels, which are the basis for a FHIR PFL/Consent2Share Questionnaire Resource Profile instance.
  • Patient Health Ecosystem where patient privacy preferences may be stipulated without parameters that are set up by HIPAA, 42 CFR Part2, Title 38 Section 7332, state privacy laws more restrictive than HIPAA and enterprise privacy policy domains to which providers and other covered entities must comply.
  • Enterprise Health Ecosystem where patient privacy preferences are restricted to those permissible under enterprise privacy policy domains.
  • CD Questionnaire questions and answers should be formulated using PFL - i.e., terms recommended for communicating health concepts to patients (e.g., Group Health Patient Health Education Resources, which has tools and PFL Word Lists).

A link will be made available of Kathleen's PPT from PFL

Data Provenance Update - Ballot Reconciliation Review of Bob Dieterle comments.

  • need for NUCC codes.
  • Kathleen noted that there is a lack of vocabulary talking about the different types of devices that could be used.
  • The CBCC WG passed a motion for Kathleen to draft a formal proposal for provenance-assigned device vocabulary for presentation at the November harmonization meeting. The proposal needs to be submitted to HL7 in two weeks, and the final proposal is due in December.

Meeting Adjourned at 1502 PDT